CVE-2025-35021

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-35021
By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.abilis.net/relnotes/cpx2k/R9.0.html#R9.0.7 Release Notes
https://takeonme.org/gcves/GCVE-1337-2025-00000000000000000000000000000000000000000000000001011111111111011111111110000000000000000000000000000000000000000000000000000000100 Exploit Mitigation Third Party Advisory
https://www.runzero.com/advisories/abilis-cpx-authentication-bypass-cve-2025-35021/ Exploit Mitigation Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:antek:abilis_cpx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:antek:abilis_cpx_2000:-:*:*:*:*:*:*:*
History

13 Jan 2026, 15:00

Type Values Removed Values Added
References () https://support.abilis.net/relnotes/cpx2k/R9.0.html#R9.0.7 - () https://support.abilis.net/relnotes/cpx2k/R9.0.html#R9.0.7 - Release Notes
References () https://takeonme.org/gcves/GCVE-1337-2025-00000000000000000000000000000000000000000000000001011111111111011111111110000000000000000000000000000000000000000000000000000000100 - () https://takeonme.org/gcves/GCVE-1337-2025-00000000000000000000000000000000000000000000000001011111111111011111111110000000000000000000000000000000000000000000000000000000100 - Exploit, Mitigation, Third Party Advisory
References () https://www.runzero.com/advisories/abilis-cpx-authentication-bypass-cve-2025-35021/ - () https://www.runzero.com/advisories/abilis-cpx-authentication-bypass-cve-2025-35021/ - Exploit, Mitigation, Third Party Advisory
First Time Antek abilis Cpx 2000
Antek
Antek abilis Cpx Firmware
CPE cpe:2.3:o:antek:abilis_cpx_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:antek:abilis_cpx_2000:-:*:*:*:*:*:*:*

04 Nov 2025, 15:15

Type Values Removed Values Added
References
  • {'url': 'https://takeonme.org/cves/cve-2025-35021/', 'source': 'cve@takeonme.org'}
  • () https://www.runzero.com/advisories/abilis-cpx-authentication-bypass-cve-2025-35021/ -

04 Nov 2025, 01:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-11-04 01:15

Updated : 2026-01-13 15:00

NVD link : CVE-2025-35021

Mitre link : CVE-2025-35021

CVE.ORG link : CVE-2025-35021

JSON object : View

Products Affected

antek

  • abilis_cpx_2000
  • abilis_cpx_firmware
CWE
CWE-1188

Insecure Default Initialization of Resource